Part 1: Prevent breaches automatically to keep your business moving
At Cisco, we’re constantly talking with executives and IT leaders about cybersecurity. They’re concerned – they want to know how to protect their company, their employees, and their customers. But three primary concerns always seem to top the list:
- Breach Prevention: “I’m not confident that we can prevent the next big breach from impacting our organization. When the next big cyberattack happens, will we be protected?”
- Lack of Visibility: “I’m not sure if my security tools are showing me the full picture. I need visibility into what’s going on. I need to see potential threats across my network. Without visibility, I won’t be able to quickly detect and eliminate active threats before damage is done.”
- Limited Resources: “In the face of constant cyberattacks, I have limited budget, staff, and time. My team is overwhelmed. They’re just reacting, playing whack-a-mole with threats and struggling to keep up, instead of developing a sustainable solution to the problem.”
More often than not, organizations look for shiny new security tools to address these problems. But rather than adding more tools, have you thought about asking how your firewall can help?
A firewall? Seriously? (Yes. Seriously)
In this three-part blog series, we’ll explore the concerns above and showcase how a Cisco Next-Generation Firewall, as a core component of your security defenses, can offer a solution. You should be demanding more from your firewall. You should be asking yourself – “Can my firewall do that?”
Let’s address the first concern – breach prevention. In the face of constant attacks and headline-grabbing cybersecurity breaches, organizations today are worried about the next big cybersecurity breach. A breach can compromise sensitive data, erode confidence in an organization’s brand, knock the network out of commission, and result in lost productivity and millions of dollars lost. How can a Cisco firewall prevent breaches and keep your business moving?
Actionable threat intelligence can stop threats in their tracks
It all starts with the best threat intelligence. A firewall acts as a filter and gateway for network traffic, but it must scrutinize network traffic and files against the largest, most robust, and most up-to-date threat intelligence available. Cisco Talos provides threat intelligence to Cisco firewalls. Cisco Talos is the largest commercial threat intelligence team in the world, comprised of over 250 world-class researchers, analysts and engineers. The team is supported by unrivaled telemetry and sophisticated systems to create accurate, rapid and actionable threat intelligence that is continuously pushed out to Cisco products (including the firewall)– free of charge.
The breadth and depth of Talos intelligence and analysis is staggering. For instance:
- Talos blocks approximately 200 billion malicious emails a day, which equates to approximately 2.3 million blocks per second.
- Talos inspects nearly 17 billion web requests each day
- Talos collects and analyzes more than 1.5 million malicious software samples a day by compiling data acquired from product telemetry along with honeypots, sandboxes, and industry partnerships in the malware community
Talos uses this data to create security protections (in the form of security rules) to defend Cisco customers against known and emerging threats, discover new vulnerabilities in common software, and interdict threats in the wild before they can further harm the internet at large. Talos maintains the official rule sets of Snort.org, ClamAV, and SpamCop, in addition to releasing many open-source research and analysis tools.
Built-in intrusion prevention (IPS) to pre-emptively block attacks
Cisco’s next-generation firewall also provides next-generation intrusion prevention (NGIPS) capabilities built-in. While NGIPS does more than just breach prevention, it is integral as a first line of defense against attacks. It looks for known attack signatures and blocks them, but also uses an extensive list of network protocols in order to identify a wider range of attacks and block those as well. For vulnerability prevention, the firewall can flag suspicious files, analyze them to uncover yet identified threats, ad patch high priority vulnerabilities. Now, you don’t have to deploy a separate IPS – it’s all part of one Cisco firewall solution with one management console.
The result? A proven track record
This combination of expertly-sourced threat intelligence and integrated IPS functionality built into the Cisco firewall translates to real results. Consider some of the biggest breaches over the past few years – WannaCry, Nyetya, and VPNFilter. Cisco Talos caught all of these (and others) and Cisco firewall customers were automatically protected without having to do a thing.
Take WannaCry for example. Cisco Talos created a security protection in the form of a Snort rule to protect against WannaCry two months before it hit the broader public. WannaCry made global headlines when it hit on May 12th, 2017. Cisco NGFW customers were protected way back on March 14th. That’s because WannaCry leveraged several previously disclosed vulnerabilities in order to compromise systems. Cisco NGFW customers automatically received and applied protections thanks to IPS rules that were written by Talos to protect against any attacks that would try to exploit these vulnerabilities. Talos has investigated and stopped numerous other big name breaches since then, all catalogued in their weekly “threat roundups” on their blog https://blog.talosintelligence.com/
Can your firewall prevent breaches? A Cisco firewall can. See how we do it with a guided tour of breach prevention capabilities in this demo of Cisco Firepower Next-Generation Firewalls.
Sign up for a free threat scan to see how a Cisco NGFW can help your organization, and join us next time in part two of this blog series as we explore how better network visibility can help your organization quickly uncover and detect stealthy attacks. Yes, your firewall can do that too.